Frequently Asked Questions
Loop is a Level One PCI Certified Provider and follows PCI rules. Loop does not store mag stripe track data on the phone's application memory, nor does Loop store track data in the cloud. Loop enables the consumer to store their own track data in an encrypted format, onto a secure memory inside the Loop Fob or Loop ChargeCase, very similar to NFC storing the card data on a secure chip. There are no rules against a consumer securely storing and controlling their own track data in their own protective environment. Consumers store our own plastic cards in a leather wallet, or keep them in a drawer when they don't want to carry too many pieces of plastic. Loop enables you to store the same cards, (any type of mag stripe card - credit, debit, loyalty, gift, proprietary cards,) in your secure memory, which you control, and it is locked with their PIN so it is more secure than their leather wallet if it is lost or stolen. Loop is providing consumers the ability and the choice to securely store, organize and use the cards in your wallet.
Note that there is a difference between the mag stripe track data on the card and the card numbers that merchants often keep on file on their servers. The track data contains additional information that your card issuer provides that authenticates that the data came from the magnetic stripe and not by keying in a number read from the card. PCI does not allow the storage of track data by third parties; Loop does not store track data. Loop stores a copy of the card number in an encrypted format in our PCI Level 1 data center, per PCI requirements, much like many big merchants who store your card number on file for faster checkout. When you want to view the card number on the LoopWallet app, the app contacts our backend system, after you validate with your PIN and have logged in with your password, we decrypt and display the data for you for up to 60 seconds. You can also optionally store the CVV2/CID data from the card on your phone separately from the cloud. Since you are storing the CVV2/CID yourself, as the cardholder, you are not breaking PCI requirements. No card data is stored on your phone, it is just a 3 or 4 digit number in your phone.Last updated:
The transmission between Loop and the POS reader is done over a very short distance (1 to 4 inches) and all done within a fraction of a second. Also, the transmission must be initiated by the user actively, and cannot be initiated by a separate reader like RF or NFC protocol, thus not susceptible to being "sniffed".
Loop can also work with issuers to present dynamic data in the discretionary field, which the issuer can validate, thus giving end-to-end security, without changing the terminal or the processor. Loop leverages existing transmission means to add better security without the huge cost of changing merchant terminals and infrastructure.Last updated:
Loop denies the storage of standard payment cards that do not match the LoopWallet account holder's name. Every Loop Device is linked to a single LoopWallet account holder, after the user swipes a card to store it, the encrypted data goes to Loop's server to be decrypted and a name match for the name on the track data is performed against the name of the account holder. If the name does not match, Loop denies the storage attempt and flags the event for security review. This is another one of the security barriers that Loop has implemented to protect cardholder information.
Note that for cards with BIN range (first 6 digits) that does not match standard payment cards, such as Loyalty and Gift Cards that have no names in the track data, Loop does not reject storing these cards. Most criminals are less interested in these cards because of the low value contained and it is easier to use existing "skimming" methods without getting traced by the LoopWallet system. Criminals will get less attention using fake plastic cards than using their phone to pay. Loop offers various ways to protect consumers cards and maintain vigilance against criminals that are trying to conduct fraud.Last updated:
EMV is for plastic cards with contact chips to send data to the Point of Sale (POS) terminal. Loop is for mobile card transmission to the magnetic reader head via magnetic induction. The two systems use different transmission means. In the U.S., the vast majority of POS terminals can only accept magnetic stripe data, so even if you have an EMV chip card, the terminal will only accept the magnetic stripe data. That's why chip cards from the UK and Canada can work with US terminals.
In EMV countries like Canada and the UK, the EMV POS terminals will accept American magnetic stripe cards because the card has a U.S. service code. EMV credit card track data also has a service code on the magnetic stripe. For EMV countries where chip and pin is dominate means of transaction and the card does not have a U.S. service code, Loop can work with card issuers to issue a "mobile card" remotely which allows the EMV enabled POS terminals to accept the mobile card. For Canada, your Canadian EMV cards can't currently be used at a Canadian EMV POS terminal using Loop.
Note that Loop can help you store and organize all your mag stripe cards, including gift cards, loyalty cards, and custom branded cards; e.g. Starbucks are still mag stripe. These cards can be used in the LoopWallet. You can also use your cards in your LoopWallet for online purchases.Last updated:
EMV 7816 interface is for plastic chip cards only, it does not facilitate eCommerce nor mCommerce. mCommerce needs a ubiquitous interface at the POS for acceptance. Everyone was trying to build a new interface on the POS, not realizing that this wireless ubiquitous interface happens to already exist on every POS, and already co-exists perfectly with EMV - it is the magnetic reader interface. Loop is the first company to invent a way to turn a magnetic stripe reader into a ubiquitous contactless interface. Loop's invention solves a huge problem to enable mobile phones to talk with POS terminals without any change at the POS and without a very long and very expensive POS migration path by merchants and acquirers. Card issuers can take advantage of Loop’s interface by issuing cards to mobile users that work at any POS terminal by emulating a magnetic stripe signal, and can even add tokenized security to the payload, that they decrypt, that is as secure as EMV.
For more background: EMV (7816 interface) is a chip card technology designed in France, first launched in 1989, has been a multi-decade effort to make plastic cards safer. It is doing so, although at a high price to upgrade terminals and cards which is one reason it has taken so many years for Europe to fully migrate, and even longer for the US and other places to adopt. EMV has done nothing for eCommerce during the past 15 years, nor can those EMV contact points on the POS accept mobile payments. NFC 14443 (an RF interface) was supposed to address that, but after nearly a decade only a single digit percentage of merchants that can accept NFC, again requiring a POS change. Changing tens of millions of merchant POS systems is very, very, very hard to do - George and Will know a little about this POS space first hand.
Loop has taken a different approach by using the reliable magnetic reader as a receiver. This interface requires no change to the hardware, the applications, the acquirer, the issuer, nor even clerk training (to our surprise, you saw the videos, with very minor exceptions which will change over time.) Frankly, Will and George were not sure this type of interface was possible, no one else has done this in our patent searches either, but Loop has solved the "last inch" problem. Loop enables new value to be delivered, better interactions between consumers, issuers, and merchants (like the Starbucks app, without the heavy infrastructure investment by every merchant). Loop also enables better security with dynamic tokenized data. This is just the beginning, and this interface currently co-exists with EMV and helps issuers leverage mobile without investing in new terminals.Last updated:
Loop is a Level One PCI certified Third Party Processor, and Loop will continue to test its systems, which will include product penetration testing. The devices and secure memory is also highly secure and protects the card data in an encrypted format, unlocked only with keys injected in the secure memory. It is very difficult to break into the secure memory. Once the magnetic stripe data is stored, it can only be transmitted once you have authenticated yourself against the device. Your payment card data is safer in the Loop than in your leather wallet because you get to lock your LoopWallet with your PIN, and your phone is traceable via phone location services.Last updated:
All card track data is stored Encrypted on the secure memory in the Loop ChargeCase and Loop Fob and protected by your PIN. The LoopWallet is designed to work like your real wallet where you are able to see your credit card information within the application after you enter your username and password to perform online purchases, etc. If you lost your phone you are more likely to recognize it being lost sooner than recognizing your leather wallet being lost, thus respond faster to cancel your cards. There is also an additional PIN that has to be entered to access the card in the LoopWallet. Finally, if you lose your phone you can track the location of your phone via phone location applications.Last updated:
When you sign up for a LoopWallet account Loop performs an identity verification on you to ensure you are, who you say you are. Once verified, you can only add credit cards that have your name on them, contained on Track 1 of the magnetic stripe, which Loop uses to verify against the account holder’s name. The system will reject loading of a credit card that does not belong to you. For loyalty or gift cards that do not contain a users name, Loop can recognize the cards by the first 6 digit of the card (BIN range), and would accept these into the LoopWallet, however chances are criminals will likely have no incentive to “Skim” these type of cards.Last updated:
“Card Present” transactions require two items to be true: 1) The transaction is accomplished via POS terminal in a “brick and mortar” store and 2) the card swipe data is transmitted via the POS terminal. Since the POS terminal does not know where the data came from (it just shows up via electrical/magnetic signals), the POS device does not know the difference; and neither does the Acquirer nor the issuing bank. Using Loop to transmit the track data is the same as using a card swipe to transmit the track data; this is accepted as a Card Present transaction. No changes to merchant POS is required here.Last updated:
What security prevents someone from using my Fob, and therefore, my default credit card if I lose it?
Within the application you are able to set a device lock timer to 10 minutes, one hour, 24 hours, or indefinite. If your Loop device is set for 10 minutes the button on the fob will be active for 10 minutes. After 10 minutes the card data is dropped from the Fob.
There is a user defined time limit that locks the FOB, once it is detached from the phone. Once the lock triggers you must plug your FOB into your phone and re-authenticate it. Some users have the timeout set to 0 seconds; never use in stand-alone mode. Others have the time limit set to indefinite; which is equivalent to having a credit card in your wallet.Last updated:
Some merchants ask to see the actual card (normally to get verify the last 4 digits), how does Loop handle this?
You will be able to show the last four digits of the card number within the LoopWallet application. Once the clerk adds the four digits into the POS terminal the transaction is processed. Show them your digital card in the application, this will do the trick.Last updated:
Beyond the initial cost of the Fob or ChargeCase, there are no additional hidden fees for your LoopWallet as a consumer. There are no per transaction fees or recurring cost. The LoopWallet application will be available for free.Last updated:
Currently our application does not support identity verification outside of the United States. We are currently working to expand our identity verification in other countries. When we ship a device to you we expect it to work, and it is against our principles to ship you a device that is not properly supported or exposes you to unnecessary risk. Our website and our newsletter will be updated with our international rollout plans. Thank you for your support!Last updated:
The fob battery will power 300 transmissions before needing a recharge. At 5 transactions per day, the battery will last for about two months. The Loop Wallet application (which runs on the phone) shows the battery level (0 to 100%). An automatic recharge prompt appears when the battery is down to 20% capacity (60 transactions remaining). Battery charging is accomplished via a micro USB cord and requires 100 mA of charging current. A full charge takes 80 minutes.Last updated:
Loop has filed multiple patents to include magnetic transmission of card data signals from a distance (about 40mm) to a standard POS card reader, and the associated security and storage protocols to make this kind of mobile wallet solution viable.Last updated:
A: Hi, this is Will Graylin, I'd like to share some of my observations and best practices from personal experience paying with Loop at over 750 merchants the past 6.5 months, (I'm closing in on 1,000 transactions total, might be a record for paying at merchants by phone in the wild, at least for now.) I have used Loop at consumer facing and merchant facing terminals, restaurants, bars, mobile terminals, vending machines, parking lot attendees in a booth, etc. Here are some use cases and what I normally do and see.
1. When checking out, the first thing I normally do is tell the clerk which card I'm about to use - "I would like to use my Amex", or Visa, my Starbucks/Dunkin Card, etc. Some POS terminals need the clerk to select card type on the POS first, and some merchants don't accept Amex, so tell them the card you're using.
2. Then they are expecting me to swipe, or hand them a card, then I say "Want to see something cool?" (of course, who wouldn't?) then I tell them "I'm going to pay with my phone, watch this..."
3. At this time, they'll either let me proceed, or they'll say something like "Our terminals don't accept that yet, it's old", and I'll say, "you may be surprised with this new technology, let me show you."
4. Then I put the Loop logo on the swipe slot and press send. Customer facing like CVS, BestBuy, Target, are simple. Clerk facing terminals like Starbucks, or Dunkin, I just reach over like you see in the video with my ChargeCase or Fob, place it to the middle of the slot and press send. Most of the time, one press is enough, sometimes 2 or 3 presses are required.
5. The vast majority of the time, the clerks are just surprised and delighted, (most have never seen it work at their terminal.)
6. Some terminals like Best Buy, Radio Shack will ask for your last four digits to reduce skimming fraud. You can show them the last 4 on the screen. If they ask for ID, just flip the ID up from the bottom of the screen inside the application.
7. If it is at a restaurant: I tell the server when I am ready to leave, and that "I would like to pay at the cash register if you don't mind", they always take me there and ring up my table, and I pay with Loop on the swiper of those Micros or Radiant type terminals.
8. If I'm sitting at a bar, I just instruct the bar tender to take my Phone or Fob to place it against the swiper and press the button or screen. They totally don't expect it to work but have never refused to try it. We need to create a 5 - 10 sec video on the App to show clerks where to place Loop and press.
9. I hope these anecdotes help. The first few times, I was a bit unsure, but after a few successful transactions, it becomes easy. I still enjoy seeing clerk reactions.
If you have questions, don't hesitate to let us know. Thanks again for your support!Last updated:
We are exploring partnering with other ChargeCase manufactures to produce Android versions. Obviously the S4 is a popular model that we know is in high demand. We are working toward delivering different models in the first quarter of 2014. Please message us with other models that you may be interested in.Last updated:
We recommend that you carry a legal ID with you at all times. We don't want to see you get in trouble.Last updated:
Yes. You will receive your Fob in December, and your ChargeCase will be mailed separately in February.Last updated:
Don't see the answer to your question? Ask the project creator directly.Ask a question